Timeout on http-01 challenge for no good reason

I’m trying to get an https layer on my blog, sanchke.com. However, when I run certbot certonly -d sanchke.com I always end up with a timeout. I’ve been using the http-01 challenge, and I myself can even access the challenge file.

I also know that my website is AAAA based, I’ve checked the v6 address and it’s good. Furthermore, sanchke.com is listening to both 80 and 443. Here is the report:

Domain: sanchke.com
   Type:   connection
   Detail: Fetching
   http://sanchke.com/.well-known/acme-challenge/PeN0W8pBzaZpi0OIr7wXb7S8kCCK2kxLN9JEC_ZkEyE:
   Timeout

And as I said before, I myself can access the challenge file (http://sanchke.com/.well-known/acme-challenge/PeN0W8pBzaZpi0OIr7wXb7S8kCCK2kxLN9JEC_ZkEyE) without any noticeable delay. Even if the file was unassailable then at least a 404 would be returned.

Am I missing something? Is my website actually too slow?

Neither your IPv4 nor v6 address is responding on port 80 (or 443 for that matter).

Are you on a residential ISP? Charter? They may be blocking port 80. It may not be affecting you personally since you are inside your network, but others definitely cannot access your server.

It is also possible that you have not properly forwarded your ports, if you are sitting behind router/modem NAT. nmapping your IP results in zero open ports, which makes me suspect this.

2 Likes

I’ve fixed a few DNS problems that had wrong IPs as you pointed out; that was a few days ago. Today I’m still getting a timeout. I’ve contacted friends in remote locations and they themselves can download the http-01 check file. This isn’t making any sense.

Currently, I can connect to it over IPv4, but IPv6 times out.

1 Like

I can confirm what @mnordhoff is seeing: the IPv4 version is working but the IPv6 version, although it’s still advertised with an AAAA record in DNS, times out. Most users couldn’t notice this with a browser (1) because users on most ISPs still don’t have IPv6 connectivity, and (2) most browsers (unlike the Let’s Encrypt CA) fall back automatically from IPv6 to IPv4 if the IPv6 connection doesn’t work.

1 Like
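
The per-address-family check that the replies above describe, as an added example that is not part of the original thread: it connects to every A and AAAA address on port 80 separately, with no fallback, so a dead AAAA record shows up even when IPv4 works. The function names and the "localhost" default are assumptions made for the illustration.

```python
import socket
import sys

def resolve(host, port=80):
    """Group every address the name resolves to by family (A vs AAAA)."""
    out = {"IPv4": [], "IPv6": []}
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        name = "IPv6" if family == socket.AF_INET6 else "IPv4"
        if sockaddr[0] not in out[name]:
            out[name].append(sockaddr[0])
    return out

def probe(addr, port=80, timeout=5.0):
    """TCP-connect to one literal address; never falls back to the other family."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: " + (exc.strerror or str(exc))

def diagnose(results):
    """results maps family -> {address: status}; returns one finding per dead address."""
    v4_ok = any(s == "open" for s in results.get("IPv4", {}).values())
    findings = []
    for fam in ("IPv4", "IPv6"):
        for addr, status in results.get(fam, {}).items():
            if status == "open":
                continue
            msg = f"{fam} {addr} is in DNS but port check gave: {status}"
            if fam == "IPv6" and v4_ok:
                msg += " (IPv4 works, so a browser with fallback hides this)"
            findings.append(msg)
    return findings

def check(host, port=80, timeout=5.0):
    results = {fam: {a: probe(a, port, timeout) for a in addrs}
               for fam, addrs in resolve(host, port).items()}
    return results, diagnose(results)

if __name__ == "__main__":
    # Hostname comes from the command line; "localhost" is only a default for a dry run.
    results, findings = check(sys.argv[1] if len(sys.argv) > 1 else "localhost")
    print(results)
    print("\n".join(findings) or "every published address answered")
```

Run it from a machine outside the server's own network that has working IPv6; on a probing host without IPv6 the AAAA result is a local error such as "Network is unreachable" rather than a statement about the server.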
